CVE-2022-32990 – gimp: unhandled exception via a crafted XCF file may lead to DoS
https://notcve.org/view.php?id=CVE-2022-32990
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
A vulnerability was found in GIMP when loading a specially crafted XCF file. Due to an incorrect function return value, GIMP may access memory outside its address space, resulting in a denial of service.
• https://gitlab.gnome.org/GNOME/gimp/-/issues/8230
• https://access.redhat.com/security/cve/CVE-2022-32990
• https://bugzilla.redhat.com/show_bug.cgi?id=2103202
• CWE-125: Out-of-bounds Read
• CWE-755: Improper Handling of Exceptional Conditions
CVE-2022-30067 – gimp: buffer overflow through a crafted XCF file
https://notcve.org/view.php?id=CVE-2022-30067
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or a program crash.
A vulnerability was found in GIMP. Via a specially crafted XCF file, GIMP can allocate a large amount of memory, potentially resulting in a denial of service.
• https://gitlab.gnome.org/GNOME/gimp/-/issues/8120
• https://lists.debian.org/debian-lts-announce/2023/11/msg00015.html
• https://access.redhat.com/security/cve/CVE-2022-30067
• https://bugzilla.redhat.com/show_bug.cgi?id=2087591
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')